Toyota: Some security firms promise too much

If "it sounds as though you are being offered a panacea, then it's time to change the conversation," says an exec for the automaker.

Will Sturgeon Special to CNET News.com
The head of information security at Toyota spoke candidly this week to an audience of press, analysts and IT bosses about his concerns over claims made by some security vendors and resellers.

Richard Cross, the automaker's information security officer, warned against misleading doublespeak and promises of universal cure-alls.

"There is a temptation to go searching for a panacea, but if you find yourself speaking to a vendor and it sounds as though you are being offered a panacea, then it's time to change the conversation," Cross told attendees at the Gartner IT Security Summit in London this week. He added that in his view, many companies intentionally mislead customers.

The remarks drew a variety of reactions.

Ian Schenkel, managing director of security company Sygate, agreed with Cross that there are no panaceas. But he added that if there are any IT directors who have fallen for a misleading approach, it is in part because they have not done their homework.

"Some IT directors are looking for the holy grail," he said, adding that some have a tendency to only hear what they want to hear. "But they are basically kidding themselves. What IT directors want to hear is that I'm the medicine man here to cure all their ills, but that simply isn't the case. Companies should always be looking at a layered solution, involving multiple vendors. To expect a single solution is unrealistic."

Some vendors say the problem of overselling is less severe than it used to be.

Simon Perry, vice president of security strategy at Computer Associates International, said: "Five years ago, it was certainly true that most antivirus vendors were talking things up, but a growing sense of maturity and responsibility in the industry has definitely seen this decline."

Perry warned that companies that do oversell are in danger of not being taken seriously and jeopardizing their business. He said that typically it is smaller companies attempting to gain recognition in a crowded marketplace that may make bolder claims.

Schenkel conceded that the 1990s weren't great days for honesty within the industry, or for the image of the IT vendor overall, but he added that much of the current negative press addresses little more than the kind of marketing that is rife in any competitive industry.

"There is always going to be an element of jostling, with companies claiming theirs is the best product on the market, but that is just the software industry," he said. "The bottom line is that companies still have to back up their claims."

David Guyatt, CEO at Clearswift, told Silicon.com he would support any industry initiative and codes of practice that would effectively expose any company making exaggerated claims.

Will Sturgeon of Silicon.com reported from London.